RE: [ActiveDir] Home Labs Interconnected
Or maybe DirectoryInsight :-) -Original Message- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 2:15 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected This sounds like a job for Directory Lockdown! Toddler -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 5:06 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected Even if you trust everyone, coordination remains a problem. Chat and such are fine, but if I'm running some tests over the course of a couple of evenings or a weekend, how can I reasonably expect 20 other people to leave the whole thing alone for that length of time? And how do I put everything back the way it was? (I guess remotely deployable VMWare is the obvious answer to this last issue.) -g -Original Message- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 1:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected What happens in the real world when this happens? With message boards, chat rooms, and instant messengers configuration changes could be documented and discussed. Your question goes back to trust, Is someone going to make changes on there own with no concern for the other participants? -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 2:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected Interesting idea I would think that trust isn't so much of an issue as configuration management. If you have 20 people link their 100 servers into a couple of AD forests (for instance), how do you make sure no one reconfigures the replication topology right when you're in the middle of testing out some site-specific GPO? -g -Original Message- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 10:33 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Home Labs Interconnected I wanted to pose this idea to the group and get some feedback. Resources at work are limited for a test lab and I only have 3 computers at home for a lab, and I would think at least some of you are in similar situations. The home lab is ok for some stuff but I find it's hard to put a real world slant on such a small network. Would it be plausible to get several IT people, that haven't really met just interacted online (such as this list), to connect there home labs over the Internet creating a larger lab environment. This would create many different sites and subnets, something hard to do in a standalone home lab with limited hardware. I see the biggest issue would be with security and trust, could this be overcome? Could this experiment succeed or would some people always be trying to trash everyone else's computers? What do you think? The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http
Re: [ActiveDir] Home Labs Interconnected
Sounds like a good idea Mark. Creation of a private VPN over the internet to form the larger Lab would take care of the external security problems, but not the internal ones (ie do you trust the other people). the main issues I can see with doing this is exactly what people want to test, and what (in any) problems that would pose when different people want to test different things. The major ones would be things like 2k - 2k3 domain upgrades, where some people would be raring to go, but others may be a few months down the track. Would require the test environment (or portions thereof) to be pulled apart several times with co-operation from other people on the network. Its something that should be acheivable, and would give people access to a larger test bed for projects. I personally would have to install additional firewalls to support it, as I have several private networks already running that I wouldn't necessarily want to share with other people (due to security requirements). One thing you may need to look at is any bandwidth / traffic limits imposed by peoples ISP's, and any additional charges that may be levied on people for participating. For example, here is Australia we have fairly harsh traffic caps from a number of ISP's that would preclude participation. Sounds like a good idea though. Glenn - Original Message - From: Cary, Mark [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, August 08, 2003 3:32 AM Subject: [ActiveDir] Home Labs Interconnected I wanted to pose this idea to the group and get some feedback. Resources at work are limited for a test lab and I only have 3 computers at home for a lab, and I would think at least some of you are in similar situations. The home lab is ok for some stuff but I find it's hard to put a real world slant on such a small network. Would it be plausible to get several IT people, that haven't really met just interacted online (such as this list), to connect there home labs over the Internet creating a larger lab environment. This would create many different sites and subnets, something hard to do in a standalone home lab with limited hardware. I see the biggest issue would be with security and trust, could this be overcome? Could this experiment succeed or would some people always be trying to trash everyone else's computers? What do you think? The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Home Labs Interconnected
In my real world there are only 3 people other than myself in the whole world who have administrator level rights in AD and on DC's and have interactive logon rights to DC's who can make core level changes. This is for a global production forest comprising around 380 domain controllers and some 200k-250k users. All 4 of us are within slapping distance of each other which really helps out on the coordination. I guess there is a hole in if our building with us got blown up or eaten up in a tornado together, but overall I would say it has helped a whaleload more than it has hurt. Four counterpoint, there is a small AD Forest in our company that isn't run by us that is for a very small group and has maybe 4-6 domain controllers but have something like 30-40 admins and they are always trying to figure out who did what that broke this that or the other thing. Overall my basic saying for AD and Domain Controllers is... Any idiot can screw it up, very very few know enough to go back in and figure out what the idiot did and bring it back from the dead or even the stage of hurting real bad. And with those very few, you couldn't get a timeline as to how long it would take to bring it back from the dead. I gave a 3 month timeline once... 9 additional months later I was still finding things that had been screwed up. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cary, Mark Sent: Thursday, August 07, 2003 4:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected What happens in the real world when this happens? With message boards, chat rooms, and instant messengers configuration changes could be documented and discussed. Your question goes back to trust, Is someone going to make changes on there own with no concern for the other participants? -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 2:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected Interesting idea I would think that trust isn't so much of an issue as configuration management. If you have 20 people link their 100 servers into a couple of AD forests (for instance), how do you make sure no one reconfigures the replication topology right when you're in the middle of testing out some site-specific GPO? -g -Original Message- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 10:33 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Home Labs Interconnected I wanted to pose this idea to the group and get some feedback. Resources at work are limited for a test lab and I only have 3 computers at home for a lab, and I would think at least some of you are in similar situations. The home lab is ok for some stuff but I find it's hard to put a real world slant on such a small network. Would it be plausible to get several IT people, that haven't really met just interacted online (such as this list), to connect there home labs over the Internet creating a larger lab environment. This would create many different sites and subnets, something hard to do in a standalone home lab with limited hardware. I see the biggest issue would be with security and trust, could this be overcome? Could this experiment succeed or would some people always be trying to trash everyone else's computers? What do you think? The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org
RE: [ActiveDir] Home Labs Interconnected
Even if you trust everyone, coordination remains a problem. Chat and such are fine, but if I'm running some tests over the course of a couple of evenings or a weekend, how can I reasonably expect 20 other people to leave the whole thing alone for that length of time? And how do I put everything back the way it was? (I guess remotely deployable VMWare is the obvious answer to this last issue.) -g -Original Message- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 1:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected What happens in the real world when this happens? With message boards, chat rooms, and instant messengers configuration changes could be documented and discussed. Your question goes back to trust, Is someone going to make changes on there own with no concern for the other participants? -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 2:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected Interesting idea I would think that trust isn't so much of an issue as configuration management. If you have 20 people link their 100 servers into a couple of AD forests (for instance), how do you make sure no one reconfigures the replication topology right when you're in the middle of testing out some site-specific GPO? -g -Original Message- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 10:33 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Home Labs Interconnected I wanted to pose this idea to the group and get some feedback. Resources at work are limited for a test lab and I only have 3 computers at home for a lab, and I would think at least some of you are in similar situations. The home lab is ok for some stuff but I find it's hard to put a real world slant on such a small network. Would it be plausible to get several IT people, that haven't really met just interacted online (such as this list), to connect there home labs over the Internet creating a larger lab environment. This would create many different sites and subnets, something hard to do in a standalone home lab with limited hardware. I see the biggest issue would be with security and trust, could this be overcome? Could this experiment succeed or would some people always be trying to trash everyone else's computers? What do you think? The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Home Labs Interconnected
What happens in the real world when this happens? With message boards, chat rooms, and instant messengers configuration changes could be documented and discussed. Your question goes back to trust, Is someone going to make changes on there own with no concern for the other participants? -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 2:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected Interesting idea I would think that trust isn't so much of an issue as configuration management. If you have 20 people link their 100 servers into a couple of AD forests (for instance), how do you make sure no one reconfigures the replication topology right when you're in the middle of testing out some site-specific GPO? -g -Original Message- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 10:33 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Home Labs Interconnected I wanted to pose this idea to the group and get some feedback. Resources at work are limited for a test lab and I only have 3 computers at home for a lab, and I would think at least some of you are in similar situations. The home lab is ok for some stuff but I find it's hard to put a real world slant on such a small network. Would it be plausible to get several IT people, that haven't really met just interacted online (such as this list), to connect there home labs over the Internet creating a larger lab environment. This would create many different sites and subnets, something hard to do in a standalone home lab with limited hardware. I see the biggest issue would be with security and trust, could this be overcome? Could this experiment succeed or would some people always be trying to trash everyone else's computers? What do you think? The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Home Labs Interconnected
Interesting idea I would think that trust isn't so much of an issue as configuration management. If you have 20 people link their 100 servers into a couple of AD forests (for instance), how do you make sure no one reconfigures the replication topology right when you're in the middle of testing out some site-specific GPO? -g -Original Message- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 10:33 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Home Labs Interconnected I wanted to pose this idea to the group and get some feedback. Resources at work are limited for a test lab and I only have 3 computers at home for a lab, and I would think at least some of you are in similar situations. The home lab is ok for some stuff but I find it's hard to put a real world slant on such a small network. Would it be plausible to get several IT people, that haven't really met just interacted online (such as this list), to connect there home labs over the Internet creating a larger lab environment. This would create many different sites and subnets, something hard to do in a standalone home lab with limited hardware. I see the biggest issue would be with security and trust, could this be overcome? Could this experiment succeed or would some people always be trying to trash everyone else's computers? What do you think? The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Home Labs Interconnected
I think it would have to be treated like a production environment. If a roleback to a previous state was needed, it's time to test the restore process from backups. You are correct there could be several different things going on at once that could affect what other people are doing. This would require some troubleshooting. Thanks for your input, I am trying to figure out if it's a feasible idea. -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 4:06 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected Even if you trust everyone, coordination remains a problem. Chat and such are fine, but if I'm running some tests over the course of a couple of evenings or a weekend, how can I reasonably expect 20 other people to leave the whole thing alone for that length of time? And how do I put everything back the way it was? (I guess remotely deployable VMWare is the obvious answer to this last issue.) -g -Original Message- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 1:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected What happens in the real world when this happens? With message boards, chat rooms, and instant messengers configuration changes could be documented and discussed. Your question goes back to trust, Is someone going to make changes on there own with no concern for the other participants? -Original Message- From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 2:44 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Home Labs Interconnected Interesting idea I would think that trust isn't so much of an issue as configuration management. If you have 20 people link their 100 servers into a couple of AD forests (for instance), how do you make sure no one reconfigures the replication topology right when you're in the middle of testing out some site-specific GPO? -g -Original Message- From: Cary, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 10:33 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Home Labs Interconnected I wanted to pose this idea to the group and get some feedback. Resources at work are limited for a test lab and I only have 3 computers at home for a lab, and I would think at least some of you are in similar situations. The home lab is ok for some stuff but I find it's hard to put a real world slant on such a small network. Would it be plausible to get several IT people, that haven't really met just interacted online (such as this list), to connect there home labs over the Internet creating a larger lab environment. This would create many different sites and subnets, something hard to do in a standalone home lab with limited hardware. I see the biggest issue would be with security and trust, could this be overcome? Could this experiment succeed or would some people always be trying to trash everyone else's computers? What do you think? The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Badger Meter, Inc. will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify